diff options
| author | no author <devnull@mit.edu> | 2004-12-20 21:15:41 +0000 |
|---|---|---|
| committer | no author <devnull@mit.edu> | 2004-12-20 21:15:41 +0000 |
| commit | 3838c5d63c67d8f3e1e31746498ea113133f3bb7 (patch) | |
| tree | b18dae14345732ea1017df445e0cc8678ad0e715 /src | |
| parent | 37450a72019ccc2a38ad4045b345f718edc82dd1 (diff) | |
| download | krb5-3838c5d63c67d8f3e1e31746498ea113133f3bb7.zip krb5-3838c5d63c67d8f3e1e31746498ea113133f3bb7.tar.gz krb5-3838c5d63c67d8f3e1e31746498ea113133f3bb7.tar.bz2 | |
This commit was manufactured by cvs2svn to create branch 'krb5-1-3'
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-3@16962 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/tests/dejagnu/krb-standalone/pwhist.exp | 215 |
1 files changed, 215 insertions, 0 deletions
diff --git a/src/tests/dejagnu/krb-standalone/pwhist.exp b/src/tests/dejagnu/krb-standalone/pwhist.exp new file mode 100644 index 0000000..f9938e0 --- /dev/null +++ b/src/tests/dejagnu/krb-standalone/pwhist.exp @@ -0,0 +1,215 @@ +# password history tests + +# one *non-interactive* kadmin.local request +proc onerq { rq pname str {flags ""} } { + global REALMNAME + global KADMIN_LOCAL + + spawn $KADMIN_LOCAL -r $REALMNAME -q "$rq $flags $pname" + expect_after { + timeout { + verbose "kadmin.local $rq $flags $pname timed out" + catch expect_after + kill [exp_pid] + close + expect eof + wait + return 0 + } eof { + verbose "kadmin.local $rq $flags $pname got EOF" + catch expect_after + wait + return 0 + } + } + expect $str + expect_after + expect eof + wait + return 1 +} + +proc addprinc { pname pw } { + global REALMNAME + + return [onerq addprinc $pname \ + "Principal \"$pname@$REALMNAME\" created." "-pw $pw"] +} + +proc delprinc { pname } { + global REALMNAME + return [onerq delprinc $pname \ + "Principal \"$pname@$REALMNAME\" deleted." "-force"] +} + +proc cpw { pname pw } { + global REALMNAME + + return [onerq cpw $pname \ + "Password for \"$pname@$REALMNAME\" changed." "-pw $pw"] +} + +proc modprinc { pname flags } { + global REALMNAME + + return [onerq modprinc $pname \ + "Principal \"$pname@$REALMNAME\" modified." $flags] +} + +proc addpol { pname } { + if ![onerq addpol $pname ""] { + return 0 + } + return [onerq getpol $pname "Policy: $pname"] +} + +proc delpol { pname } { + onerq delpol $pname "" -force + return [onerq getpol $pname \ + "Policy does not exist while retrieving policy \"$pname\"."] +} + +proc modpol { pname flags } { + return [onerq modpol $pname "" $flags] +} + +# Mandatory command must return true. +# Issues a break in its parent on failure. +proc mustrun { cmd } { + if ![eval $cmd] { + perror "mandatory command failed: $cmd" + uplevel break + } +} + +# Fail test if command fails. +# Issues a break in its parent on failure. +proc chkpass { cmd } { + upvar test test + if ![eval $cmd] { + verbose "unexpected failure: $cmd" + fail $test + uplevel break + } +} + +# Fail test if command succeeds. +# Issues a break in its parent on failure. +proc chkfail { cmd } { + upvar test test + if [eval $cmd] { + verbose "unexpected success: $cmd" + fail $test + uplevel break + } +} + +# wrapper to run command (actually usually sequence of commands) +# +# If any part of CMD throws an exception, set failall, otherwise pass. +# If failall is already true, report unresolved. +proc wraptest { test cmd } { + upvar failall failall + if $failall { + unresolved $test + return + } + if [catch $cmd] { + set failall 1 + } else { + pass $test + } +} + +# Set up the kerberos database. +if {![get_hostname] \ + || ![setup_kerberos_files] \ + || ![setup_kerberos_env] \ + || ![setup_kerberos_db 0]} { + return +} + +set failall 0 +wraptest "nkeys=1, nhist=3" { + mustrun { addpol crashpol } + mustrun { modpol crashpol "-history 3"} + mustrun { addprinc crash 1111 } + mustrun { modprinc crash "-policy crashpol" } + chkpass { cpw crash 2222 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } +} +verbose {old_keys [ 1111 ->[] ]} + +# The following will result in reading/writing past array bounds if +# add_to_history() is not patched. +# +# NOTE: A pass from this test does not mean the bug isn't present; +# check with Purify, valgrind, etc. +wraptest "array bounds ok on nkeys=1, nhist 3->2" { + mustrun { modpol crashpol "-history 2" } + chkpass { cpw crash 3333 } +} +verbose {old_keys [ ->2222 ]} + +wraptest "verify nhist=2" { + mustrun { delprinc crash } + mustrun { addprinc crash 1111 } + mustrun { modprinc crash "-policy crashpol" } + chkpass { cpw crash 2222 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } +} +verbose {old_keys [ ->1111 ]} + +# The following will fail if growing the history array causes an extra +# key to be lost due to failure to shift entries. +wraptest "grow nhist 2->3" { + mustrun { modpol crashpol "-history 3" } + chkpass { cpw crash 3333 } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } +} +verbose {old_keys [ 2222 ->1111 ]} + +wraptest "grow nhist 3->4" { + mustrun { modpol crashpol "-history 4" } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + chkpass { cpw crash 4444 } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } +} +verbose {old_keys [ 2222 3333 ->1111 ]} +wraptest "shrink nhist 4->3" { + mustrun { modpol crashpol "-history 3" } + chkfail { cpw crash 4444 } + chkfail { cpw crash 3333 } + chkfail { cpw crash 2222 } + chkfail { cpw crash 1111 } + chkpass { cpw crash 5555 } +} +verbose {old_keys [ 4444 ->3333 ]} +wraptest "verify nhist=3" { + chkfail { cpw crash 5555 } + chkfail { cpw crash 4444 } + chkfail { cpw crash 3333 } + chkpass { cpw crash 2222 } +} +verbose {old_keys [ ->4444 5555 ]} +wraptest "shrink nhist 3->2" { + mustrun { modpol crashpol "-history 2" } + chkfail { cpw crash 2222 } + chkfail { cpw crash 5555 } + chkfail { cpw crash 4444 } + chkpass { cpw crash 3333 } +} +verbose {old_keys [ ->2222 ]} + +delprinc crash +delpol crashpol + +stop_kerberos_daemons |